The 2011 Pwnie Nominee For Best Privilege Escalation Bug

Privilege escalation in CSRSS (CVE-2011-1281)

Credit: Matthew ‘j00ru’ Jurczyk

A privilege escalation bug in Windows CSRSS. The exploit uses several very interesting methods to get working: handle free-list spraying by creating and freeing hundreds of consoles, getting data into the memory of a process that runs as SYSTEM (utilman.exe) by creating lots of windows with overly long titles, and others.